Sensor networks are composed of a large number of low power sensor devices. For secure communication among sensors, secret keys are required to be established between them. Considering the strict resource constraints of sensors, key infection has been proposed by Anderson, Chan, and Perrig. However, because the communication keys are broadcasted in plaintext in key infection, some of them may be eavesdropped by an adversary. To address this security issue, secrecy transfer is presented, which utilizes pre-loaded secret keying material to enhance the security performance of key infection. To thwart on-going cryptanalytic attacks, a key evolution scheme is proposed to continuously refresh shared keys. Key evolution forces the adversary to keep monitoring traffic all the time after compromising a key; even if the adversary has compromised a key, it cannot catch up with the key evolution process, and may lose control of the compromised key quickly in a noisy communication environment. Analysis results show that key infection, secrecy transfer, and key evolution present viable trade-offs between security and resource consumption for smart dust sensor networks.