The paper "Security at the Edge for Resource-Limited IoT Devices" by Daniele Canavese, Luca Mannella, Leonardo Regano, and Cataldo Basile addresses the growing security challenges posed by the rapid expansion of the Internet of Things (IoT). With an estimated 14.4 billion active endpoints in 2022 and a forecast of 30 billion by 2027, IoT devices are becoming increasingly vulnerable due to intrinsic security flaws, limited computing power, and lack of timely security updates. The authors propose the IoT Proxy, a modular component designed to enhance the security of resource-limited IoT devices by externalizing security functions through a secure network gateway equipped with Virtual Network Security Functions (VNSFs).
The core idea of the IoT Proxy is to channel IoT device traffic through a secure network gateway, which can include a Virtual Private Network (VPN) terminator and an Intrusion Prevention System (IPS) that uses machine learning-based oblivious authentication to identify connected devices. This approach aims to create a more resilient and secure IoT environment, especially for resource-limited devices.
The paper details the design and implementation of the IoT Proxy, focusing on its modular and scalable nature. It includes a coordinator module that acts as the primary access point for IoT devices and a set of VNSFs that provide specific security controls. The coordinator communicates with the VNSFs via named pipes, ensuring seamless integration and effective security enforcement.
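A minimal sketch of the coordinator-to-VNSF hand-off over named pipes described above, added here as an example and not taken from the paper or the IoT Proxy code base. The JSON-lines message format, the pass/drop verdicts, the two filter functions and the sample records are assumptions constructed for illustration.

```python
import json, os, shutil, tempfile, threading

def vnsf_worker(req_path, resp_path, is_malicious):
    # Hypothetical VNSF: read one JSON record per line, answer "pass" or "drop".
    with open(req_path) as req, open(resp_path, "w") as resp:
        for line in req:
            resp.write(("drop" if is_malicious(json.loads(line)) else "pass") + "\n")
            resp.flush()

def run_coordinator(records, vnsfs):
    """Send each record through every VNSF in order; return one verdict per record."""
    workdir = tempfile.mkdtemp(prefix="iotproxy-")  # created with mode 0700
    chain, threads = [], []
    for name, check in vnsfs:
        req_path = os.path.join(workdir, name + ".req")
        resp_path = os.path.join(workdir, name + ".resp")
        os.mkfifo(req_path, 0o600)   # owner-only pipes: other local users
        os.mkfifo(resp_path, 0o600)  # cannot inject records or verdicts
        t = threading.Thread(target=vnsf_worker, args=(req_path, resp_path, check))
        t.start()
        threads.append(t)
        # Same open order as the worker (request, then response) avoids deadlock.
        chain.append((name, open(req_path, "w"), open(resp_path)))
    verdicts = []
    for rec in records:
        verdict = "pass"
        for name, req, resp in chain:
            req.write(json.dumps(rec) + "\n")
            req.flush()
            # Fail closed: anything but an explicit "pass" (even an empty reply) drops.
            if resp.readline().strip() != "pass":
                verdict = "drop:" + name
                break
        verdicts.append(verdict)
    for _, req, resp in chain:
        req.close()  # EOF on the request pipe ends the worker loop
        resp.close()
    for t in threads:
        t.join()
    shutil.rmtree(workdir)
    return verdicts

# Constructed sample traffic records and two hypothetical VNSF checks.
SAMPLE = [{"src": "10.0.0.5", "dport": 443, "bytes": 512},
          {"src": "10.0.0.6", "dport": 23, "bytes": 64},
          {"src": "10.0.0.7", "dport": 8883, "bytes": 90000}]
VNSFS = [("portfilter", lambda r: r["dport"] == 23),
         ("sizelimit", lambda r: r["bytes"] > 65535)]

if __name__ == "__main__":
    print(run_coordinator(SAMPLE, VNSFS))
```

The pipes live in a private directory with owner-only permissions, and the coordinator treats a missing verdict as a drop, so a crashed VNSF does not silently let traffic through.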
Experimental results from laboratory testing demonstrate the effectiveness of the IoT Proxy. The coarse-grained random forest classifier achieves a balanced accuracy of around 70%, while the fine-grained model achieves a balanced accuracy of more than 60%. These results are significantly better than those of a random classifier, highlighting the potential of the IoT Proxy in enhancing IoT security.
The authors also discuss the overhead introduced by the IoT Proxy, showing that even with all VNSFs enabled, the bandwidth loss is only about 17%, maintaining a good balance between security and performance.
Future work includes exploring unsupervised machine learning models for enhanced anomaly detection, live traffic analysis, and diversifying the datasets used for training and evaluation. These advancements aim to further refine and expand the capabilities of the IoT Proxy to address emerging challenges in IoT security.