Wireless reprogramming for a wireless sensor network is the process of uploading new code or changing the functionality of existing code. For security reasons, every code update must be authenticated to prevent an adversary from installing malicious code in the network. All existing reprogramming protocols are based on the centralized approach in which only the base station has the authority to initiate reprogramming. However, it is desirable and sometimes necessary for multiple authorized network users to simultaneously and directly reprogram sensor nodes without involving the base station, which is referred to as distributed reprogramming. In this case, the network owner can also assign different reprogramming privileges to different users. Motivated by this consideration, we develop a secure and distributed reprogramming protocol named SDRP , which is the first work of its kind. The protocol uses identity-based cryptography to secure the reprogramming and to reduce the communication and storage requirements of each node. Moreover, our theoretical analysis demonstrates the security properties of our protocol. We also implement SDRP in a network of resource-limited sensor nodes to show its high efficiency in practice.