Cluster-based wireless sensor networks offer the advantages of scalability and efficient communication. However, a major security risk to cluster heads is a malicious code injection attack, through which an adversary can completely control a cluster network to deliver fake data and obtain private data. A memory attestation scheme is an effective mechanism for attesting the firmware integrity of an embedded device. Unfortunately, existing hardware-based remote attestation schemes that rely on a trusted platform module incur a considerable storage overhead on cluster heads. Therefore, this article proposes a lightweight hardware-based remote attestation scheme that comprises two remote attestation protocols. The scheme employs a lightweight hardware security module that does not execute any complicated cryptographic computation and can substantially reduce the development cost and energy consumption compared with the trusted platform module. In the proposed scheme, a base station can attest each individual cluster head, while all cluster nodes can simultaneously attest their cluster head at regular intervals. Performance analysis indicates that the storage requirement for cluster heads is independent of the number of attestation sessions. Furthermore, the computational cost of cluster nodes for the proposed scheme is comparable to that of the trusted platform module-based scheme. The proposed scheme is particularly suitable for long-term applications based on lightweight cluster heads.