I. Introduction
To serve applications that work in an adverse or even hostile environment, such as battlefield surveillance and forest fire monitoring, a sensor network must not only report each relevant event promptly, but also reject false reports in jeeted by attackers. In addition to causing false alarms that can waste real-world response effort, false reports can drain out the finite amount of energy resource in a battery-powered network. A few recent research efforts [1], [2] [3] have proposed mechanisms to provide node and message authentication for sensor networks to prevent false report injection by an outside attacker. However. these proposed security mechanisms are rendered ineffective when any sinzle node is compromised.