SECURITY FRAMEWORK FOR CYBER-PHYSICAL SMART PARKING SYSTEMS WITH AUTOMATED LICENSE PLATE RECOGNITION
DOI:
https://doi.org/10.28925/2663-4023.2025.29.900Keywords:
cybersecurity, cyber-physical systems, smart parking, automated license plate recognition, computer vision, IoT security, vulnerability assessmentAbstract
Smart parking systems with automated license plate recognition (ALPR) are getting more popular in cities, but they have serious cybersecurity problems. This study analyzes security threats in smart parking infrastructure and offers ways to reduce them via vulnerability assessments and improved security designs. We analyzed various attacks such as protocol exploits and data interception risks in cyber-physical parking systems. Our research studies RTSP camera communication vulnerabilities, REST API security problems, and cloud service integration risks in license number recognition systems using computer vision technologies. Our approach includes vulnerability testing, threat modeling with STRIDE framework, penetration testing, and security analysis. We studied problems of RTSP camera protocol, HTTP/HTTPS communications, Laravel REST API setup, and Google Cloud Vision API integration. Results show that smart parking systems may have data interception risks, unauthorized access, API security problems and system integrity threats, which need multi-layered security approaches. We designed a cyber-physical parking system prototype with improved security measures in all components. The prototype has good license plate recognition accuracy while applying security methods without major performance reduction. Important security factors include secure communication protocols, encrypted transmission of data, authentication frameworks, input validation, rate limiting, and logging systems. This research helps to understand cybersecurity facets in IoT-based parking systems and offers methods for secure automated vehicle recognition setup in smart cities. This work is truly relevant for Ukrainian smart city projects, showing methodology applicable by IT companies for critical infrastructure protection.
Downloads
References
Radiuk, P., Pavlova, O., El Bouhissi, H., Avsiievych, V., & Kovalenko, V. (2022). Convolutional neural network for parking slots detection. CEUR Workshop Proceedings, 3156, 284–293. https://hdl.handle.net/11300/26607
Durlik, I., Miller, T., Kostecka, E., Zwierzewicz, Z., & Łobodzińska, A. (2024). Cybersecurity in autonomous vehicles—Are we ready for the challenge? Electronics, 13(13), 2654. https://doi.org/10.3390/electronics13132654
Higgins, M., Jha, D. N., Blundell, D., & Wallom, D. (2025). Security by design issues in autonomous vehicles. arXiv preprint. https://doi.org/10.48550/arXiv.2501.04104
Guirrou, H., Youssef, T., Mohamed, Z. E., & Amal, T. (2024). Cybersecurity in autonomous vehicles: A comprehensive review study of cyber attacks and AI based solutions. International Journal of Engineering Trends and Technology, 72(1), 101–116. https://doi.org/10.14445/22315381/IJETT V72I1P111
Kim, K., Kim, J. S., Jeong, S., Park, J.-H., & Kim, H. K. (2021). Cybersecurity for autonomous vehicles: Review of attacks and defense. Computers & Security, 103, 102150. https://doi.org/10.1016/j.cose.2020.102150
Ghazali, A. A., & Fadzil, L. M. (2025). Intelligent illuminated parking system from cybersecurity perspectives: A review. International Journal of Electrical and Electronic Engineering (IJEEE), 12(1). https://doi.org/10.14445/23488379/IJEEE V12I1P119
Smart Parking Ltd. (2024, March 29). Innovative parking transformation. Retrieved from https://www.smartparking.com/nz
ZKTeco. (2024, April 20). ZKTecoParking. Retrieved from https://www.zkteco.com/en/VideoParkingGuidanceSystem/ZKTecoParking
OpenALPR. (2024, April 20). Automatic license plate recognition. Retrieved from https://www.openalpr.com/
OpenALPR. (2024, April 20). OpenALPR library. Retrieved from https://github.com/openalpr/openalpr
CVE 2025 30112: Bypass device pairing of 70mai Dashcam 1S. (2025, March 24). Retrieved from https://github.com/geo-chen/70mai/blob/main/README.md#finding-1---cve-2025-30112-bypass-device-pairing-of-70mai-dashcam-1s
CVE 2025 5113: Remote code execution on Diviotec IP Camera. (2025, June 3). Retrieved from https://www.onekey.com/resource/security-advisory-remote-code-execution-on-diviotec-ip-camera-cve-2025-5113
Kovalenko, V. V. (2022). Cyber physical smart parking system based on computer vision technology (Master’s thesis). Khmelnytskyi National University.
Avsiievych, V., & Kuzmin, A. (2022). Research of smart parking system vulnerabilities and ways to eliminate them. Aktualni problemy komputernykh nauk (APKN 2022), 11–14. Khmelnytskyi National University.
Google Cloud. (2023, December 2). Vision AI. Retrieved from https://cloud.google.com/vision
Avsiievych, V., & Kawonga, R. (2023). Security of smart parking cyber physical system. Information Technology & Engineering – 2023, 59–61. Mykolayiv, Ukraine.
Pavlova, O. O., Avsiievych, V. R., & Kuzmin, A. A. (2023). Research of factors influencing mobile application security on the example of the client part of a cyber physical smart parking system. In Stan, dosyahnennya ta perspektyvy informatsijnykh system i tekhnolohij: materialy XXIII Vseukrayinskoyi naukovo tekhnichnoyi konferentsiyi molodykh vchenykh, aspirantiv ta studentiv (pp. 98–99). ONTU Publishing House.
Hikvision Ukraine. (2024, April 20). Hikvision cameras with PoE support and outdoor installation. Retrieved from https://hikvision.co.ua/ua/kamery-videonablyudeniya/ip-kamery/?ocf=F76S3V430F60S3V373
Laravel. (2024, February 19). The PHP framework for web artisans. Retrieved from https://laravel.com/
Laravel. (2024, February 19). Laravel framework GitHub. Retrieved from https://github.com/laravel/framework
TutorialsPoint. (2024, February 19). Laravel – overview. Retrieved from https://www.tutorialspoint.com/laravel/laravel_overview.htm
Netguru. (2024, April 20). What is React Native. Retrieved from https://www.netguru.com/glossary/react-native
Facebook. (2024, April 20). React Native. Retrieved from https://github.com/facebook/react-native/blob/main/packages/react-native/scripts/cocoapods/helpers.rb
Google Cloud. (2024, April 20). Vision API. Retrieved from https://cloud.google.com/vision?demo
Internet Engineering Task Force. (2024, December 15). RFC 7519: JSON Web Token (JWT). https://tools.ietf.org/html/rfc7519
Elfaki, A. O., Messoudi, W., Bushnag, A., Abuzneid, S., & Alhmiedat, T. (2023). A smart real time parking control and monitoring system. Sensors, 23(24), 9741. https://doi.org/10.3390/s23249741
Alpana, A., Nikhil, K., Kunal, M., Shritej, N., & Shreenath, P. (2024). Parking the future: A review of IoT based parking systems. International Research Journal of Modernization in Engineering Technology and Science, 6(11), 2513–2517. https://doi.org/10.56726/IRJMETS63971
Mohamed, E., Heba, A., Mahmoud, S. E., Anca, D. J., & Marianne, A. A. (2023). Intrusion detection for electric vehicle charging systems (EVCS). Algorithms, 16(2), 75. https://doi.org/10.3390/a16020075
National Institute of Standards and Technology (NIST). (2024, December 15). Cybersecurity framework: NIST special publication 800 53 Rev. 5. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
ISO/IEC. (2024, December 15). ISO/IEC 27005:2018 – Information security risk management. Retrieved from https://www.iso.org/standard/75281.html
OWASP. (2024, December 15). Internet of Things (IoT) Top 10. Retrieved from https://owasp.org/www-project-internet-of-things/
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Володимир Авсієвич, Ольга Павлова, Ігор Михальчук
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
