Clock synchronization is a fundamental service for many applications in wireless sensor networks. Because of its critical importance, several protocols have been proposed to achieve clock synchronization. However, most of them are not designed to work in adversarial environments, where security attacks occur. In particular, a man-in-the-middle attack, where the attacker tampers with the properties of a link, could prevent the proper operation of the clock synchronization protocol, therefore affecting every application that relies on the clock synchronization service. We present a secure network-wide clock synchronization protocol which also allows the nodes to securely discover the network topology by detecting and isolating links that behave inconsistently. This protocol is based on detecting attacks using timing information alone under certain conditions. We have developed an implementation of this protocol where we have shown that any inconsistent link found in the network is effectively eliminated.