Sensor networks usually consist of thousands of resource-limited nodes and are deployed in a designated area without any fixed infrastructure. While the establishment of the pairwise keys between any pair of adjacent nodes to build a secure link remains the main concern in the design of key management protocols, malicious attacks aim at routing information, exhaust node’s resource, and compromised secrets can misdirect the data flow or denial the network service with relatively small effort. Many mission-critic sensor network applications demand an effective, light, and flexible algorithm yet robust under attacks. Based on the LEAP+ scheme, we propose an improved LEAP+ by adding location information into the key establishment phase. By identifying the correctness of the id-location pair, our scheme effectively limits the Sybil attack and mitigates the damage of HELLO flood attack and node cloning attack. We furthermore propose an authentication phase in our scheme to defend possible replay attacks. The analysis shows that our scheme is more robust than LEAP+ with only minor increase of computation overhead.