Consensus is fundamental for distributed systems since it underpins key functionalities of such systems ranging from distributed information fusion, decision-making, to decentralized control. In order to reach an agreement, existing consensus algorithms require each agent to exchange explicit state information with its neighbors. This leads to the disclosure of private state information, which is undesirable in cases where privacy is of concern. In this paper, we propose a novel approach for undirected networks which can enable secure and privacypreserving average consensus in a decentralized architecture in the absence of an aggregator or third-party. By leveraging partial homomorphic cryptography to embed secrecy in pairwise interaction dynamics, our approach can guarantee convergence to the consensus value (subject to a quantization error) in a deterministic manner without disclosing a node's state to its neighbors. We provide a new privacy definition for dynamical systems, and give a new framework to rigorously prove that a node's privacy can be protected as long as it has at least one legitimate neighbor which follows the consensus protocol faithfully without attempts to infer other nodes' states. In addition to enabling resilience to passive attackers aiming to steal state information, the approach also allows easy incorporation of defending mechanisms against active attackers who try to alter the content of exchanged messages. Furthermore, in contrast to existing noise-injection based privacy-preserving mechanisms which have to reconfigure the entire network when the topology or number of nodes varies, our approach is applicable to dynamic environments with time-varying coupling topologies. This secure and privacypreserving approach is also applicable to weighted average consensus as well as maximum/minimum consensus under a new update rule. Numerical simulations and comparison with existing approaches confirm the theoretical results. Experimental results on a Raspberry-Pi board based micro-controller network are also presented to verify the effectiveness and efficiency of the approach.