Guaranteeing end-to-end data security in wireless sensor networks (WSNs) is important and has drawn much attention of researchers over past years. Because an attacker may take control of compromised sensor nodes to inject bogus reports into WSNs, enhancing data authenticity becomes a necessary issue in WSNs. Unlike PCREF (Yang et al. in IEEE Trans Comput 64(1):4-18, 2015 ) (LEDS, Ren et al. in IEEE Trans Mobile Comput 7(5):585-598, 2008 ), digital signature rather than message authentication polynomials (message authentication codes) is adopted by our protocol in en-route filtering. Keeping the advantages of clusters in PCREF and overcoming the drawbacks in LEDS, an enhanced and efficient cluster-based security protocol is proposed in this paper. The proposed protocol can guarantee end-to-end data authentication with the aid of digital signature and exhibits its effectiveness and efficiency through security analysis and performance analysis. Our analytical results show that the proposed protocol significantly outperforms the closely related protocols in the literature in term of security strength and protocol overhead.