Providing end-to-end data security, i.e., data confidentiality, authenticity, and availability, in wireless sensor networks (WSNs) is a non-trivial task. In addition to the large number and severe resource constraint of sensor nodes, a particular challenge comes from potential insider attacks due to possible node compromise, since a WSN is usually deployed in unattended/hostile environments. Existing security designs provide a hop-by-hop security paradigm only, which leaves the end-to-end data security at high stake. Data confidentiality and authenticity is highly vulnerable to insider attacks, and the multihop transmission of messages aggravates the situation. Moreover, data availability is not sufficiently addressed in existing security designs, many of which are highly vulnerable to many types of Denial of Service (DoS) attacks, such as report disruption attacks, selective forwarding attacks, etc. In this paper, we seek feasible solutions to overcome these vulnerabilities. Through exploiting the static and location-aware nature of WSNs, we come up with a location-aware end-to-end security framework in which each node only stores a few secret keys and those secret keys are bound to the node's geographic location. The property of the location-aware keys successfully limits the impact of compromised nodes to their vicinity. We also propose a multifunctional key management framework which ensures both nodeto-sink and node-to-node authentication along report forwarding routes. Moreover, our novel one-to-many data delivery approach guarantees efficient en-route bogus data filtering and is highly robust against many known DoS attacks. We evaluate our design through extensive analysis, which demonstrates a high security resilience against an increasing number of compromised nodes at the cost of a moderate protocol overhead.