An edge-cloud Industrial Internet of Things (IIoT) can help meet the computing requirements of industrial applications, particularly in time and latency-sensitive services. Ensuring the security and privacy of (sensitive) information collected by IIoT end devices is crucial, and has an important impact on the decision making as well as operational safety. However, these devices are energy constrained and vulnerable to corruption. The authentication schemes suitable for this environment need to be lightweight, efficient, and concise. In this article, we propose a symmetric-key authentication scheme with a perfect forward secrecy (SAPFS), which relies on both authentication and derivation master keys. The SAPFS scheme uses only XOR operation and hash function to achieve mutual authentication, key exchange, and message integrity. On the condition of the irreversible hash function and indistinguishable master keys, we demonstrate that SAPFS is provably secure under the random oracle model. Finally, a comparative summary with three other competing schemes (in terms of communication cost, storage requirement, and computation complexity) demonstrates its utility.