A low-end embedded platform for Internet of Things (IoT) often suffers from a critical trade-off dilemma between security enhancement and computation overhead. We propose PUFSec, a new device fingerprint-based security architecture for IoT devices. By leveraging intrinsic hardware characteristics, we aim to design a computationally lightweight security software system architecture so that complex cryptography computation can dramatically be prohibited. We exploit the innovative idea of Public Physical Unclonable Functions (PPUFs) that fundamentally protects attackers from recovering the secret key from public gate delay information. We implement its hardware logic in a real-world FPGA board. On top of the PPUF fingerprint hardware, we present an adaptive security control mechanism consisting of adaptive key generation and key exchange protocol, which adjusts security strength depending on system load dynamics. We demonstrate that our PPUF FPGA implementation embeds distinctive variability enough to distinguish between two different PPUFs with high fidelity. We validate our PUFSec architecture by implementing necessary algorithms and protocols in a real-world IoT platform, and performing empirical evaluation in terms of computation and memory usages, proving its practical feasibility.