A true random number generator can be susceptible to a variety of attacks from unauthorized adversaries, including, for example, active and passive side-channel attacks. Such side-channel attacks include active PVT (power, voltage, temperature) attacks in which PVT is actively manipulated or otherwise observed to bias the randomness of the bit stream or to detect the random values being output. Such techniques may allow the attacker to monitor the analog characteristics of power supplies, interface connections, as well as any electromagnetic (EM) radiation.
In addition, if not properly isolated or secured, a true random number generator can be vulnerable to various fault injection attacks, where an attacker maliciously introduces an error in a processor in order to alter the software execution (e.g., prevent the execution of an instruction, corrupt the data the processor is working with, bias the randomness of the data, etc.). Examples of such fault injection attacks include voltage glitching and EM glitching, which can cause predictable collapse times (e.g., active attacks).
Also, due to certain counting and collapsing aspects of a true random number generator, there may be a distinct power/EM profile that can be post-processed to determine the collapse count value.