Sybil attack is a harmful threat to sensor networks, in which a malicious node illegally forges an unbounded number of identities to defeat redundancy mechanisms. Digital certificates are a way to prove identities. However, they are not viable in sensor networks. In this paper, we propose a light-weight identity certificate method to defeat Sybil attacks. Our proposed method uses one-way key chains and Merkle hash trees. The method thereby avoids the need for public key cryptography. In addition, the method provides a means for authentication of all data messages. A variant of this method is presented that has lower computational requirements under certain conditions. The security of each method is analyzed, and is as good or better than previously-proposed approaches, with fewer assumptions. The overhead (computation, storage, and messages) is also shown to be acceptable for use in sensor networks.