The Body Area Network (BAN) is a key enabling technology in E-healthcare applications such as remote health monitoring. An important security issue during the bootstrap phase of the BAN is to securely associate a group of sensor nodes to a patient, and generate the necessary secret keys to protect the subsequent wireless communications. Due to the ad hoc nature of the BAN and the extreme resource constraints of sensor devices, providing secure, fast, efficient and user-friendly sensor association is a challenging task. In this paper, we propose a lightweight scheme for secure sensor association and key management in BAN. A group of sensor nodes, having no prior shared secrets before they meet, establish initial trust through group device pairing (GDP), which is an authenticated group key agreement protocol where the legitimacy of each member node can be visually verified by a human. Various kinds of secret keys can be generated on demand after deployment. The GDP supports batch deployment of sensor nodes to save setup time, does not rely on any additional hardware devices, and is mostly based on symmetric key cryptography, while allowing batch node addition and revocation. We implemented GDP on a sensor network testbed and evaluated its performance. Experimental results show that GDP indeed achieves the expected design goals.