Wireless sensor networks are already deployed in numerous occasions. As this technology matures towards wider adoption, security will become an increasingly important requirement. However, resource and cost constraints for the low-complexity sensor nodes remain a challenge in designing security mechanisms. In this paper, we propose a new approach to protect confidentiality against a parasitic adversary, interested in obtaining the sensor network measurements in an unauthorized way. Our low-complexity solution, GossiCrypt, leverages on the large scale of sensor networks. It requires that the source sensor encrypts data, while a chosen randomly subset of the nodes en route to the sink re-encrypt the data. Furthermore, a key refreshing mechanism thwarts a parasitic adversary that could progressively physically compromise over time multiple sensor nodes. We validate our scheme with both analysis and simulations. We show that GossiCrypt protects the confidentiality of data with probability almost one. Compared with a system using public-key encryption, GossiCrypt has the advantage of allowing for a network lifetime that is up to three orders of magnitude longer.