Data aggregation is a key problem in wireless sensor networks (WSNs). To secure the aggregation results, researchers have proposed adopting homomorphic encryption. Since aggregation is conducted in the ciphertext space without decryption, both confidentiality and integrity can be protected against untrusted or compromised aggregators. However, such techniques cannot protect against untrusted or compromised sources, i.e., wireless sensors, because homomorphic encryption requires all sources to share a common encryption key. Since wireless sensor networks are often vulnerable to physical or network attacks, new secure aggregation schemes that can protect against compromised sources are needed. This paper proposes Onion Homomorphic Encryption-based Aggregation (OHEA), in which sources form groups, each with its own dedicated encryption key, known as the group key. OHEA has the useful property that group keys themselves can be aggregated, so it can work recursively with any level of aggregation hierarchy. Through security analysis, we show that even if multiple aggregators or sources are compromised, an adversary is still unable to compromise the data of other nodes in the same or upper levels of the hierarchy. Furthermore, the experimental results show that OHEA incurs low computation and communication cost, and is thus scalable to large WSNs.
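The baseline that the abstract starts from, as an added example that is not code from the paper and does not implement OHEA: an aggregator sums readings in the ciphertext space without any decryption key, yet a report from a source holding the common encryption key is indistinguishable from an honest one. The abstract does not name a scheme, so toy Paillier is used here as an assumption, and all names, primes and readings are constructed.

```python
# Added illustration: toy Paillier (additively homomorphic). The scheme choice
# and every name below are assumptions; the key is far too small for real use.
import math
import secrets

P, Q = 1009, 1013                  # constructed demo primes
N, N2 = P * Q, (P * Q) ** 2        # N is the common encryption key
PHI = (P - 1) * (Q - 1)            # decryption key, held by the sink only
MU = pow(PHI, -1, N)

def encrypt(m: int) -> int:
    """Source: encrypt a reading with the common key N every source holds."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2

def aggregate(ciphertexts) -> int:
    """Aggregator: multiplying ciphertexts adds plaintexts; no key needed."""
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % N2
    return acc

def decrypt(c: int) -> int:
    """Sink: recover the plaintext sum from the aggregated ciphertext."""
    return ((pow(c, PHI, N2) - 1) // N) * MU % N

def demo():
    readings = [21, 23, 22, 24]    # constructed sensor readings
    honest = decrypt(aggregate(encrypt(m) for m in readings))
    # A compromised source holds the same key, so its forged report is a
    # well-formed ciphertext that aggregator and sink cannot tell apart.
    forged = [encrypt(m) for m in readings[:-1]] + [encrypt(900)]
    return honest, decrypt(aggregate(forged))

if __name__ == "__main__":
    print(demo())
```

The sink only ever sees the sum, so it has no per-source value to range-check; this is the gap that per-group keys are meant to narrow.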