Distributed Internet of Things (Distributed IoT) is a large-scale, heterogeneous, dynamic distributed architecture environment which is gradually formed based on Internet of Things (IoT) technology. In order to cope with the large number access requirements for IoT data brought by application expansion, the data of IoT devices are usually stored in the management server (DMS) of current domain, and adopt a centralized access control mechanism to user. This centrally approach can easily cause data to be tampered with and leaked. Moreover, registering different identities when user accesses different domains increases the difficulty to manage his identities. Therefore, this paper proposes a blockchain-based access control scheme called BacS for Distributed IoT. In BacS, firstly, we use account address of the node in blockchain as the identity to access DMS, redefine the access control permission of data of devices and store on blockchain. Then we design processes of authorization, authorization revocation, access control and audit in BacS. Finally, we use a lightweight symmetric encryption algorithm (SEA) to achieve privacy-preserving for Distributed IoT system. We build a credible experimental model on Ethereum private chain, results show that BacS is feasible and effective that it can achieve secure access in Distributed IoT environment while protecting privacy.

分布式物联网（Distributed IoT）是一种大规模的，异构的，动态的分布式架构环境，它是基于物联网（IoT）技术逐渐形成的。为了应对应用扩展带来的物联网数据的大量访问需求，物联网设备的数据通常存储在当前域的管理服务器（DMS）中，并采用集中式的用户访问控制机制。这种集中式方法很容易导致数据被篡改和泄漏。此外，当用户访问不同的域时注册不同的身份会增加管理其身份的难度。因此，本文提出了一种基于区块链的分布式物联网BacS访问控制方案。在BacS中，首先，我们以区块链中节点的账户地址作为身份来访问DMS，重新定义设备数据的访问控制权限并存储在区块链中。然后，我们在BacS中设计授权，授权吊销，访问控制和审计的过程。最后，我们使用轻量级的对称加密算法（SEA）来实现分布式IoT系统的隐私保护。我们在以太坊私有链上建立了可靠的实验模型，结果表明BacS是可行且有效的，它可以在分布式IoT环境中实现安全访问，同时保护隐私。我们使用轻量级对称加密算法（SEA）来实现分布式IoT系统的隐私保护。我们在以太坊私有链上建立了可靠的实验模型，结果表明BacS是可行且有效的，它可以在分布式IoT环境中实现安全访问，同时保护隐私。我们使用轻量级对称加密算法（SEA）来实现分布式IoT系统的隐私保护。我们在以太坊私有链上建立了可靠的实验模型，结果表明BacS在保护隐私的同时，可以在分布式IoT环境中实现安全访问的可行性和有效性。