In-network aggregation is a technique employed in Wireless Sensor Networks (WSNs) to aggregate information flowing from the sensor nodes towards the base station. It helps in reducing the communication overhead on the nodes in the network and thereby increasing the longevity of the network. We study the problem of maintaing integrity of the aggregate value, when the aggregate function is SUM, in the presence of compromised sensor nodes. We focus on one-round, end-to end, secure aggregation protocols and give a strong, formal security defintion. We show that a worst-case lower bound of (n) applies on the congestion (maximum size of message between any two nodes) in such protocols, where n is the number of nodes in the network. This is the first such result showing that the most basic protocols are the best one-round in-network aggregation protocols with respect to congestion. We also show that against a weaker adversary (which does not compromise nodes), we can achieve secure in-network aggregation protocols with a congestion of O(log2 n).