The recent technological advances have made it possible to deploy small, l- power, low-bandwidth, and multi-functional wireless sensor nodes to monitor and report the conditions and events in their local environments. A large collection of these sensor nodes can thus form a wireless sensor network in an ad hoc manner, creating a new type of information systems. Such sensor networks have recently emerged as an important means to study and interact with the physical world and have received a lot of attention due to their wide applications in military and civilian operations such as target tracking and data acquisition. However, in many of these applications, wireless sensor networks could be deployed in hostile environments where there are malicious attacks against the network. Providing security services in sensor networks, however, turns out to be a very challenging task. First, sensor nodes usually have limited resources such as storage, bandwidth, computation and energy. It is often undesirable to implement expensive algorithms (e. g. , frequent public key operations) on sensor nodes. Second, sensor nodes are usually deployed unattended and built without compromise prevention in mind. An attacker can easily capture and compromise a few sensor nodes without being noticed. When sensor nodes are compromised, the attacker can learn all the secrets stored on them and launch a variety of attacks. Thus, any security mechanism for sensor networks has to be resilient to compromised sensor nodes.