This paper explores the design space for message authentication in sensor 
networks. Several types of authentication are put into relation: end-to-end, 
hop-to-hop, and physical and virtual multipath authentication. 

While end-to-end authentication provides the highest and most general 
security level, it may be too costly or impractical to implement. On the other 
end of the security scale, hop-to-hop authentication can be implemented with 
little e ort but provides security only to a highly restricted attacker. 
Multipath authentication provides an intermediate security level that may be 
appropriate for many applications of sensor networks, trading energy for 
security guarantees. Virtual multipaths o er an improvement, reducing energy 
demands while retaining crucial security properties of physical multipaths.