We address three security issues in sensor networks in this thesis: key pre-distribution, hop-by-hop authentication, and secure multidimensional query. As a security primitive, key establishment plays the most crucial role in the design of the security mechanisms. Unfortunately, the resource limitation of sensor nodes poses a great challenge for designing an efficient and effective key establishment scheme for Wireless Sensor Networks (WSNs). In spite of the fact that many elegant and clever solutions have been proposed, no practical key establishment scheme has emerged. In this thesis, a emph{ConstrAined Random Perturbation based pairwise keY establishment} (CARPY) scheme and its variant, a CARPY+ scheme, for WSNs, are presented. Compared to all existing schemes which satisfy only some requirements in so-called emph{sensor-key criteria}, including 1) resilience to the adversary's intervention, 2) directed and guaranteed key establishment, 3) resilience to network configurations, 4) efficiency, and 5) resilience to dynamic node deployment, the proposed CARPY+ scheme meets all requirements. In particular, to the best of our knowledge, CARPY+ is the first non-interactive key establishment scheme with great resilience to a large number of node compromises designed for WSNs. We examine the CARPY and CARPY+ schemes from both the theoretical and experimental aspects. Our schemes have also been practically implemented on the TelosB compatible mote to evaluate the corresponding performance and overhead. Sensor networks are vulnerable to false data injection attack and path-based DoS (PDoS) attack. While conventional authentication schemes are insufficient for solving these security conflicts, an emph{en-route filtering} scheme, enabling each forwarding node to check the authenticity of the received message, acts as a defense against these two attacks. To construct an efficient en-route filtering scheme, this thesis first presents a Constrained Function based message Authentication (CFA) scheme, which can be thought of as a hash function directly supporting the en-route filtering functionality. Obviously, the crux of the scheme lies on the design of guaranteeing each sensor to have en-route filtering capability. Together with the emph{redundancy property} of sensor networks, which means that an event can be simultaneously observed by multiple sensor nodes, the devised CFA scheme is used to construct a CFA-based en-route filtering (CFAEF) scheme. In addition to the resilience against false data injection and PDoS attacks, CFAEF is inherently resilient against false endorsement-based DoS (FEDoS) attack. In contrast to most of the existing methods, which rely on complicated security associations among sensor nodes, our design, which directly exploits an en-route filtering hash function, appears to be novel. We examine the CFA and CFAEF schemes from both the theoretical and numerical aspects to demonstrate their efficiency and effectiveness. Moreover, prototype implementation on TelosB mote demonstrates the practicality of our proposed method. The two-tier architecture consisting of a small number of resource-abundant storage nodes in the upper tier and a large number of sensors in the lower tier could be promising for large scale sensor networks in terms of resource efficiency, network capacity, network management complexity, etc. In this architecture, each sensor having multiple sensing capabilities periodically forwards the multidimensional sensed data to the storage node, which responds to the queries, such as range query, top-$k$ query, and skyline query. Unfortunately, node compromises pose the great challenge of securing the data collection; the sensed data could be leaked to or could be manipulated by the compromised nodes. Furthermore, chunks of the sensed data could be dropped maliciously, resulting in an incomplete query result, which is the most difficult security breach. Here, we propose a simple yet effective hash tree-based framework, under which data confidentiality, query result authenticity, and query result completeness can be guaranteed simultaneously. In addition, the emph{subtree sampling} technique, which could be of independent interest to the other applications, is proposed to efficiently identify the compromised nodes. Last, analytical and extensive simulation studies are conducted to evaluate the performance and security of our methods. Prototype implementation on TelosB mote demonstrates the practicality of our proposed methods. Although defending against node replication attacks demands immediate attention, compared to the extensive exploration on the defense against node replication attacks in static networks, only a few solutions in mobile networks have been presented. Moreover, while most of the existing schemes in static networks rely on the witness-finding strategy, which cannot be applied to mobile networks, the velocity-exceeding strategy used in existing schemes in mobile networks incurs efficiency and security problems. Therefore, based on our devised challenge-and-response and encounter-number approaches, localized algorithms are proposed to resist node replication attacks in mobile sensor networks. The advantages of our proposed algorithms include (1) Localized Detection; (2) Efficiency and Effectiveness; (3) Network-Wide Synchronization Avoidance; (4) Network-Wide Revocation Avoidance.