Random pairwise key pre-distribution schemes have been adopted extensively as a preferred approach to tackling the pairwise key agreement problem in wireless sensor networks (WSNs). However, their practical applicability is threatened by the key-swapping collusion attack (KSCA) whose goal is to ruin critical applications that requires collaborative efforts of sensor nodes such as data aggregation mechanisms, routing protocols, distributed voting schemes and misbehaviour detection systems, etc. In this paper, we propose a light-weight framework for thwarting the attack. Our proposed framework makes good use of a winning combination of incremental sensor node deployment and a diversified one-way hash chain. The framework thereby evades undesirable costly requirements of additional functionalities and resources to aggregators and base stations, topological knowledge in advance or costly location-based detection algorithms, yet maintaining network scalability. Moreover, the in-depth analytical and experimental analyses conducted on two node capture attack models show that the framework eradicates the KSCA under one attack while demonstrating most likely immunity under the other attack. Finally, the detailed performance evaluation carried out via simulations indicates the plausibility of the framework for use in the current generation of sensor nodes. Copyright © 2009 John Wiley & Sons, Ltd.