Clock and Timing
Timing attacks rely on changing or measuring the timing characteristics of the circuit and usually fall into one of two categories:
Active timing attacks are invasive attacks requiring physical access to the clock crystal or other timing circuitry. Classified as a fault-generation attack, the main goal is to vary the clock frequency to induce failure or unintended operation. Circuits that make use of the clock crystal for accurate timing, such as a time-based authentication token, could be attacked to "speed up" or "slow down" time based on the clock input. Slowing down a device can also help for debugging and analysis that may not be possible at higher rates. Adding countermeasures to disable the system or enable other tamper response mechanisms if the clock is removed may help thwart attacks. To prevent clock-skewing attacks, a Phase-Locked Loop (PLL) could be implemented to help reduce the clock delay and skew within a device. This setup will also regulate the internal system timing to compensate for variances in clock crystals.
Passive timing attacks are non-invasive measurements of computation time in order to determine data or device operation. By going with the notion that different computational tasks take different amounts of time, it might become possible to determine secret components or break the cryptographic system of the device under attack. Kocher's "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems"  is a leading text on this subject.