The deployment of the Internet of Things (IoT) in industry, called the Industrial IoT (IIoT), is supporting the introduction of very desirable improvements such as increasing production flexibility, self-organization and real-time and quick response to events. However, security and privacy challenges are still to be well addressed. The IIoT requires different properties to achieve secure and reliable systems and these requirements create extra challenges considering the limited processing and communication power available to IIoT field devices. In this research article, we present a key distribution protocol for IIoT that is computationally and communicationally lightweight (requires a single message exchange) and handles node addition and revocation, as well as fast re-keying. The scheme can also resist the consequences of node capture attacks (we assume that captured nodes can be detected by the Gateway and previous works have shown this assumption to be acceptable in practice), server impersonation attacks and provides forward/backward secrecy. We show formally the correctness of our protocol and evaluate its energy consumption under realistic scenarios using a real embedded platform compared to previous state-of-the-art key-exchange protocols, to show our protocol reliability for IIoT.