Types of failure modes in a cryptographic system
As stated in the article “Methods of Maximizing the Security Protection of a Cryptographic System”, access to critical information can easily be lost if an error or compromise is detected in the keying process, or if any one of numerous other failures occurs, including lost key cards or tokens, forgotten passwords, hardware failure, power loss, memory corruption, electromagnetic interference, etc. This is especially critical in the payment card industry, where cardholder data can be a prime target for attack.
Using backups for failures due to the keying process
If the failure is due to the inaccessibility of a key (or keys) because of corruption or other causes, access to the information can usually be restored from a backup copy of the key and its related keying material. Instead of using backups, an organization may find it more convenient to create new keying material, provided that doing so still allows the original protected information to be recovered. This can prevent the possibility of further compromise, but in most cases the generation and distribution of new keying material is an extensive process, and it is much easier to use backups.
Complications in recovery due to multiple key users
Whether backups are used or new keying material is generated, if a key or set of keys is shared between a single pair of users, the recovery process in the event of a compromise is relatively simple. Damage assessment and protective measures against future compromise are also easily carried out. However, if a large number of users depend on the same key or group of keys for access to information, recovery and damage assessment can be extremely complex and expensive. In such cases it is preferable to have some form of alternate key available at the various locations, or to use well-defined and secure paths for replacing compromised keys automatically, which avoids the manual distribution of keys that would otherwise sometimes be necessary. Whenever a widespread key compromise occurs among many users, a means should be in place to notify each of them of the compromise and of the key replacement. It should also be emphasized that if any keying material has been subjected to unauthorized use, all information and processes protected by that keying material are immediately affected.
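The two preceding sections describe recovery from a backup copy of a key, replacement of keying material without losing access to the protected information, and the notification burden when a key is shared by many users. The following is an added example, not taken from the article or from any of the referenced publications, that models these steps for a two-level key hierarchy: a key-encryption key (KEK) with a checksummed backup copy wraps per-dataset data-encryption keys (DEKs); a corrupted primary KEK copy is detected and restored from the backup; the KEK can be rotated by re-wrapping the DEKs, so the protected data itself is not re-encrypted; and a compromised DEK is replaced with one notification per user who holds it. The `KeyStore` class, the `wrap`/`unwrap` construction (an HMAC-SHA256 keystream plus HMAC tag, using only the standard library) and the dataset and user names are all constructed for this illustration; in a real system `wrap`/`unwrap` would be an established key-wrap or AEAD algorithm such as AES key wrap or AES-GCM.

```python
"""Added example: key backup, recovery and replacement for a KEK/DEK hierarchy.

wrap()/unwrap() below are a stdlib-only stand-in for a real key-wrap or AEAD
algorithm; the KeyStore layout (primary KEK + backup copy) is an assumption.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream: HMAC-SHA256 over nonce || counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(kek: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the KEK."""
    return (hmac.new(kek, b"enc", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())


def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC `key` under `kek`; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(kek)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(enc_key, nonce, len(key))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong KEK or a corrupted blob raises."""
    enc_key, mac_key = _subkeys(kek)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyStore:
    """Primary KEK plus a backup copy held at a second location (constructed model)."""

    def __init__(self) -> None:
        self.kek = secrets.token_bytes(32)
        self.kek_backup = self.kek                      # copy kept at the backup site
        self.kek_checksum = hashlib.sha256(self.kek).digest()
        self.wrapped_deks: dict[str, bytes] = {}       # dataset name -> wrapped DEK
        self.holders: dict[str, set[str]] = {}         # dataset name -> users of its DEK
        self.notifications: list[str] = []

    def add_dek(self, name: str, users) -> bytes:
        """Create a DEK for a dataset, wrap it under the KEK and record who uses it."""
        dek = secrets.token_bytes(32)
        self.wrapped_deks[name] = wrap(self.kek, dek)
        self.holders[name] = set(users)
        return dek

    def load_dek(self, name: str) -> bytes:
        return unwrap(self.kek, self.wrapped_deks[name])

    def recover_kek(self) -> bool:
        """Restore the primary KEK from the backup if its checksum no longer matches."""
        if hashlib.sha256(self.kek).digest() == self.kek_checksum:
            return False                               # primary copy is intact
        if hashlib.sha256(self.kek_backup).digest() != self.kek_checksum:
            raise RuntimeError("both KEK copies are unusable; keys are not recoverable")
        self.kek = self.kek_backup
        return True

    def rotate_kek(self) -> None:
        """Replace the KEK and re-wrap every DEK; the protected data is not re-encrypted."""
        deks = {n: unwrap(self.kek, w) for n, w in self.wrapped_deks.items()}
        self.kek = secrets.token_bytes(32)
        self.kek_backup = self.kek
        self.kek_checksum = hashlib.sha256(self.kek).digest()
        self.wrapped_deks = {n: wrap(self.kek, d) for n, d in deks.items()}

    def replace_dek(self, name: str, reason: str) -> list[str]:
        """Replace a compromised DEK and notify every user who depends on it."""
        new_dek = secrets.token_bytes(32)
        self.wrapped_deks[name] = wrap(self.kek, new_dek)
        # Data protected by the old DEK still has to be re-encrypted by its owners;
        # a key shared by many users costs one notification (and key fetch) per user.
        msgs = [f"{user}: key '{name}' replaced ({reason}); fetch the new key"
                for user in sorted(self.holders[name])]
        self.notifications.extend(msgs)
        return msgs
```

The checksum on the primary KEK copy is what turns a silent memory corruption into a detected, recoverable event; without it the first symptom would be an integrity failure in `unwrap`. Rotating the KEK by re-wrapping the DEKs is the case the text describes where new keying material can be generated while the original protected information remains recoverable, whereas replacing a DEK forces re-encryption of the data beneath it and a notification to every holder.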