Broadcast is used in wireless sensor networks for operations such as software updates, network queries, and command dissemination. Applications such as battlefield control and natural resource management require not only authentication of broadcast messages, but also secrecy against eavesdroppers. In this paper we design, implement, and evaluate a novel scheme that meets the requirements of secrecy, authenticity, integrity, and freshness of broadcast messages in the context of a single-hop wireless sensor network. Our contributions are three-fold: first, we propose the use of time-varying keys (based on a key-chain) for broadcast encryption, emphasising advantages such as non-forgeability, protection against old-key compromise, and allowance for dynamic data. Second, we extend the basic key-chain mechanism to incorporate limited protection against key loss, allowing legitimate receivers to recover even if they have lost a small number of keys. Third, we prototype our scheme by incorporating it into Deluge, the network programming protocol distributed with TinyOS, and quantify its cost in terms of time, space, and power consumption on a TelosB mote platform. Our scheme represents a practical, efficient and scalable means of delivering broadcast data secretly to a large number of low-power sensor nodes.