Design Architecture

Design Architecture

Introduction of nodes

  • Introducing an Entrance Node to monitor the user arrival

  • Using Parking Spot Nodes to monitor individual parking spots.

  • Introducing Exit Node to monitor the user departure.

For the business owners

  • Monitor usage statistics through a portal introduced by us.

  • Our Car Park Management app will guide you in collecting required data.

  • Can monitor the ongoing payments.

For the car park users

  • Can register for this service through a mobile app.

  • Directions will be provided through the mobile app.

  • Can make payments through the app.


Solution Architecture

Solution Architecture

    Our solution architecture consists of entrance/exit nodes, the parking spot nodes, the mobile application and management portal representing the frontend of the system and the cloud server. The hardware nodes have been given their own power supplies and the all the frontend software and the hardware nodes are connected to the cloud server via Wi-Fi.

Web-based GUI

Parking Management Portal

  • A management portal for the owners to view and manage their car park. Easily manage parking spots and collect usage statistics (Daily and weekly statistics).

  • Can be accessed from anywhere and no additional software required.

  • Technologies used - React JS and Node.js. Single Page Application is used since it is ideal for the purpose of a dashboard that updates itself in real-time.

Mobile App

App For The Car Park Users

  • Users can register for the service through the app.

  • Users can reserve parking spots in advance. The car park users can make card payments using the mobile app.

  • Provides directions to the assigned parking spot.

  • Developed using React Native.

Entrance/Exit Nodes

Monitors Arrival/Depature

  • Monitor vehicles at entrance and exit.

  • License plate identification using OCR (Raspberry Pi + Camera).

  • Display assigned parking spot number in a LCD display.

  • Gate + proximity sensors control the flow of vehicles.

Parking Spot Nodes

Detects Parking Spot Status

  • Prevents unauthorized parking.

  • Gate + Proximity Sensor detect the presence of a vehicle in the parking spot.

  • NodeMCU used will communicate the presence of vehicle to cloud and controls the gate.

Flow and Storage

Flow of Data and Control

    The data and control flow of the system gets initiated at the entrance node once a user enters into the parking lot. The license plate number of that vehicle will be read by the entrance node and it will be sent to the server along with the check-in time. In the meantime, the mobile app will authenticate the user using their location. Once an empty parking spot number is sent by the server, the user will be guided to that spot through the use of clear images using the mobile app and the necessary updates will be made in the management portal. Once the user reaches the parking spot, the spot node will check and update the status of the spot (occupied or not). Once the user leaves their assigned spot and reaches the exit node, the exit node will obtain the license plate number and the check-out time and will send that information to the server. Once the cost has been processed by the server based on the hourly rate set by the managers of the parking lot, the amount to be paid will be sent to the mobile app and will be displayed on the LCD display.

Hardware Designs

Node Designs

Entrance/exit Nodes

    HC-SR04 ultrasonic distance sensors will sense the incoming vehicle at the entrance node and the digital camera will get the license plate image. This image will be processed at the Raspberry Pi 4 (Python and Tessaract OCR will be used for the Automatic Number Plate Recognition in the Raspberry Pi) and the necessary data will be send to the server. Once a spot number is received from the server, the Raspberry Pi 4 will signal the servo motor to open the gate while displaying the spot number on the LCD display. Each hardware node has an AC-DC power supply attached and the components operate on 5V DC. We will have secure Wi-Fi with standard WPA2 encryption to avoid unauthorized access.

Spot Node ESP-MESH

    The servo motor will open the spot gate once a spot is assigned to a vehicle. The NodeMCU ESP8266 will decide the parking spot status based on the sensor data received from the HC-SR04 ultrasonic distance sensor and the spot status will be sent to the server. We will be creating an ESP-MESH to create a Wi-Fi mesh network and will be using the in-built Wi-Fi module for connectivity. NodeMCU ESP8266 takes in 5VDC power but operates on 3V3DC power. Similar to the entrance/exit node, power will be provided using and AC-DC power supply. Unauthorized parties may intercept communication between the nodes and the server. To prevent this, as mentioned before, secure Wi-Fi channels with standard WPA encryption will be used to ensure secure connection to the server.

More hardware designs

PCB Designs

Solution Architecture

    The PCB designs were developed for the Spot Node. The designs shown above were developed using Proteus software. The design includes connections to the NodeMCU ESP 8266 and several headers which can be used to provide connections for the servo motor and the proximity sensor. An additional set of headers was used to provide power for this unit via a micro-USB breakout board.

Network Architecture

Frontend + Backend

    For the backend we will be using the MERN Stack (MongoDB Database, Express.js web framework, React.js Frontend Framework, Node.js server). The backend is primarily handled by a Node.js web server running on an AWS cloud VM instance. The Express web framework is used to simplify the development process since it abstracts away things like HTTP request handling, parsing URLs etc. In-built Express methods are used to develop the REST API that the web application and the mobile app uses to communicate with the server. The REST API endpoints will use HTTPS to leverage TLS/SSL encryption for the communication with the server.

    A MongoDB database on an Atlas instance is used for data storage. The Mongoose data modelling library is used to provide a layer of abstraction to the connection between the Node server and the database. The Atlas service provides the ability to do routine backups of the database. The hardware nodes will communicate with the server using the MQTT protocol. The server will interact with the hardware nodes using AWS IoT Core. MQTT can be configured to use TLS/SSL encryption so that the communication is secure.

    The server runs the spot picking algorithm (Python script) as a child processes using the child-process library. Reservation handling is done by running it as a separate JavaScript file, which handles reservations one hour prior to the reservation time. Owners can observe reservations through the management portal. Records of usage of the parking lot are stored in the database and the temporary storage has a lifetime of three months. (Reservations and spot assignments.) Cors library is used to enable CORS (Cross-Origin Resource Sharing) for security. This allows us to limit access to the API based on the origin. Bcrypt is used for password hashing which uses the blowfish cipher with ten salting rounds to prevent attacks without a large hit to performance. Jsonwebtoken is used for user authentication. This generates a session token for a registered user when they log in that can be used to authenticate the user with the credentials stored in the database. Details of the REST API endpoints for the server side are available in the project repository.

    During a power outage, if the car park management decides to keep the car park open despite the hardware nodes being down, they can manually enter the data into the system through the management portal to keep the system up to date so that it can recover properly and continue operation once it is back online. Hardware node online/offline status will be detected by the transmission of an MQTT “heartbeat” message every 5 mins.

Design decisions


Solution Architecture

    Spot Picking Algorithm

    Whenever a customer arrives at the Entrance Node, the backend server is expected to find a suitable unoccupied spot (unless it is reserved) for the customer. This process is done considering the possibility of a customer parking at the wrong spot once they are inside the parking lot. To avoid such a situation, the spot picking algorithm tries to find the furthest spot from the last allocated spot for the most recent user.

    Reservation Algorithm

    It is possible for registered car park users to make reservations through the mobile application. For a user to make such a reservation, the following prerequisites need to be satisfied: the reservation must be on the same day, have to be made more than one hour before the reservation time, reservations are not a guarantee for a parking spot.

    Solution Architecture

Security of the system

Security Aspects

Solution Architecture

    Our system security is mainly characterized by the five elements given above. Bcrypt has been used for password hashing in order to securely store login credentials of the users. CORS (Cross-Origin Resource Sharing) is used for security to limit access to the API based on the orgin. Atlas will limit ingress access to requests coming in from the server’s IP address (Server communicates with Atlas instance over HTTPS). Access Management Control is deployed within the system by covering the 3A's; Authentication, Authorization and Accountability. Jsonwebtoken is used for user authentication, while the location of the user is checked at the entrance. We only allow GET method access for the mobile app users using CORS. For authentication we wiil be passing the auth-token for every API request as a header. We are using Transport Layer Security (TLS) to secure the connection and the data. This technology encrypts data before it is sent from the client to the server, thus preventing some common hacks. Without TLS POST requests will be visible so their network traffic is vulnerable to packet sniffing and man-in-the-middle attacks. Utilizing Secure Socket Layer (SSL) encryption was done while using Nginx to handle TLS.

Solution Architecture

    Validatorjs is used in order to validate user input to limit SQL injections and XSS attacks. This is done to validate every input for the frontend since some attackers can send SQL commands or harmful java script code to execute. Validatorjs is used to prevent such attacks by checking whether the input is a valid email. Using npm to manage our application’s dependencies is powerful and convenient. But the packages that we use may contain critical security vulnerabilities that could also affect our application. To avoid such vulnerabilities, we will be using Snyk which offers both a command-line tool and a GitHub integration that checks our application against Snyk’s open-source vulnerability database for any known vulnerabilities in our dependencies. X-Powered-By reveals information about the technologies used in an app. Therefore, to avoid outsiders exploit server security weaknesses of our server technology we will be disabling this header.

Bill of Materials

Entrance-Exit Nodes + Parking Spot Node

Component Quantity Unit Price (LKR) Price (LKR)
Raspberry Pi 4B 01 9 000 9 000
Camera Modules 02 1 000 2 000
LCD Displays 02 5 000 10 000
NodeMCU ESP8266 01 800 800
HC-SR04 Ultrasonic Sensor 05 190 950
Servo Motors 03 320 960
Power Supply (5V12A) 02 1 500 3 000
Total 26 710