Internet-of-Things (IoT) devices are usually small, low cost, and have limited resources, which makes them vulnerable to physical and cloning attacks. To secure IoT devices, physical unclonable functions (PUFs) are relatively new security primitives used for device authentication and device-specific secret-key generation. In this paper, we focus on designing a robust construction to derive secret keys from static random-access memory (SRAM)-PUFs, which enjoy the uniqueness and randomness properties stemming from the manufacturing variations of SRAM memory cells. We make use of a polar code construction. Based on the fact that SRAM memory can often be found in today's IoT devices, and since polar codes have been selected as error-correction technique in the fifth generation standard, this makes the proposed scheme a promising candidate for reducing the extra cost and securing resource-constrained IoT devices. In this paper, we propose a novel construction method to eliminate the effect of noise and bias in SRAM-PUFs. We shall prove that the secrecy leakage of the helper data about the secret-key can be made negligible due to polarization and proper code construction design. Results show that the proposed scheme provides a significant improvement of the reliability (achieve a failure probability below 10^-6) and of the realizable secret-key rate, which is also evaluated by the theoretical analysis. In addition, the proposed scheme provides the possibility to tradeoff complexity, secrecy, and reliability with the same code construction for different IoT applications.