Abstract: Wireless sensor networks have received a lot of attention recently due to their wide applications in military and civilian operations. Example applications include target tracking, scientific exploration, and data acquisition in hazardous environments. Security becomes one of the main concerns when there are malicious attacks against the network. However, providing security services in such networks turns out to be a challenging task due to the resource constraints on sensor nodes and the node compromise attacks. These features and challenges motivate the research on security mechanisms for wireless sensor networks. This dissertation includes three studies on security mechanisms for wireless sensor networks. The first study extends the capabilities of μTESLA, a broadcast authentication technique for wireless sensor networks, so that it can cover a long time period and support a large number of sensor nodes as well as potential senders in the network. The second study addresses how to establish pairwise keys between sensor nodes in a wireless sensor network. A key pre-distribution framework based on bivariate polynomial pool is developed for this purpose. Two efficient instantiations of this framework are also provided: a random subset assignment scheme and a hypercube-based key pre-distribution scheme. To further improve the pairwise key establishment in static sensor networks, prior deployment knowledge, post deployment knowledge and group-based deployment knowledge are used to facilitate key pre-distribution. The third study investigates how to enhance the security of location discovery in sensor networks. An attack-resistant MMSE method and a voting-based method are developed to tolerate malicious attacks against location discovery. Both methods can survive malicious attacks even if the attacks bypass traditional cryptographic protections such as authentication, as long as the benign beacon signals constitute the majority of the \"consistent\" beacon signals. In addition, a number of techniques are proposed to detect and revoke malicious beacon nodes that supply malicious beacon signals to sensor nodes.