Information security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

信息安全已成为物联网（IoT）的热门话题，传统的集中式访问控制模型面临着单点故障，内部攻击和中央泄漏等威胁。本文提出了一种基于零知识证明和区块链中智能合约技术的物联网访问控制安全模型。首先，我们在区块链中部署访问控制的属性信息，缓解了第三方信息集中带来的压力和信誉问题。其次，使用加密的访问控制令牌来获得资源的访问权限，这使得用户的身份不可见，并有效避免了属性所有权暴露问题。除了，智能合约的使用解决了物联网设备计算效率低以及区块链计算能力资源浪费的问题。最后，实现了基于区块链和零知识证明技术的物联网访问控制系统原型。测试分析结果表明，该模型实现了有效的属性隐私保护，与相同安全级别的基于属性的访问控制模型相比，访问效率随着访问规模的增加而线性增加。