Ehrenwörtliche Erklärung 2Hiermit erkläre ich, dass ich die vorliegende Arbeit, mit Ausnahme der in ihr ausdrücklich genannten Hilfen, selbstständig verfasst habe.1 gemäß §20 Abs. 3 der Promotionsordnung der TU Darmstadt 2 gemäß §9 Abs. 1 der Promotionsordnung der TU Darmstadt AbstractWireless sensor networks are a relatively new technology for information gathering and processing. A sensor network usually consists of many, resource constrained sensor nodes. These nodes perform measurements of some physical phenomena, process data, generate reports, and send these reports via multihop communication to a central information processing unit called sink. Depending on the scenario, information gathering and processing is collaboratively performed by multiple sensor nodes, e.g., to determine the average temperature in a certain area.Sensor networks can be used in a plethora of application scenarios. Emerging from military research, e.g., sensor networks for target tracking in a battlefield, sensor networks are nowadays used more and more in civil applications such as critical infrastructure monitoring.For ensuring the functionality of a sensor network, especially in malicious environments, security mechanisms are essential for all sensor networks. However, sensor networks differ from classical (wireless) networks and this consequently makes it harder to secure them. Reasons for this are resource constraints of the sensor nodes, the wireless multihop communication, and the possibility of node compromise. Since sensor nodes are often deployed in unattended or even hostile environments and are usually not equipped with tamper-resistant hardware, it is relatively easy to compromise a sensor node. By compromising a sensor node, an adversary gets access to all data stored on the node, such as cryptographic keys. Thus, deployed security mechanisms such as node-based authentication become ineffective and an adversary is able to perform attacks as a "legitimate" member of the network. Such attacks are denoted as insider attacks and pose a serious threat for wireless sensor networks.In this thesis, we develop concepts and mechanisms to cope with insider attacks in wireless sensor networks. The contribution of this thesis is twofold. First, we propose a new general classification to classify the different approaches to protect against insider attacks. Second, we propose several security protocols to protect against insider attacks.In our classification, approaches to protect against insider attacks are first distinguished by the implemented security strategy. The respective strategies are further subclassified by the applied mechanisms. Related work is integrated in the classification to systematically identify open problems and specific properties in the respective areas. The results may be a basis for future protocol design.The protocols, proposed in the second part of this thesis encompass different areas. First, we propose a protocol to protect against a serious Denial-of-Service attack where an adversary injects or replay...